Shortly after the release of Google’s Chrome, researcher Aviv Raff discovered he could combine two vulnerabilities to trick users into launching executables directly from the new browser.
I really wonder why Google have taken several features from other browsers and mixed them all together. Security-wise, it’s very problematic.
They’ll have to track all security vulnerabilities in those features, and fix them in Chrome too. This will probably be only after those vulnerabilities were fixed by the other vendors or were publicly reported. It will put Chrome users at risk for a long time.
Raff’s proof-of-concept shows how a malicious hacker using a social engineering lure can drop malware on Windows desktops.
Aviv Raff On .NET
Contributing to the innovation of browsers through openness
“While we see this as a fundamental shift in the way people think about browsers, we realize that we couldn’t have created Google Chrome on our own,” said Linus Upson, Director of Engineering, Google Inc. “Google Chrome was built upon other open source projects that are making significant contributions to browser technology and have helped to spur competition and innovation.”
Google Press release